Blog
Share This Post
[ad_1]
Cloudflare‘s content delivery network was discovered to have been impacted by a vulnerability that could be exploited to expose location details through images sent on Discord, Signal, and other messaging apps, reports BleepingComputer.
With Cloudflare conducting media resource caching at the data center closest in proximity to its users, security researcher Daniel discovered that an information-disclosure intrusion could be conducted through the delivery of a unique image hosted on Cloudflare’s CDN to a vulnerable app, which would use the Cloudflare Teleport tool to route the requests to certain data centers. Enumerating various Cloudflare data centers’ cached responses for the image enabled the mapping of users’ locations and a tracking accuracy of 50 to 300 miles, which could be further improved with Cloudflare’s use of anycast routing, according to Daniel. While Cloudflare has already addressed the Workers vulnerability that allowed location exposure, geo-locating attacks could still be performed via Teleport reprogramming for VPN usage, said Daniel, who was able to connect with nearly 54% of all Cloudflare datacenters with the new technique.
Get essential knowledge and practical strategies to fortify your applications.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
